Configure local account to never lockout

[Guest]

Hello Microsoft,

Is there a way to create and configure a local account on windows XP or
Server 2003 to never lockout?

We want to disable the local built-in admin account, and create another
account with administrtative rights, however the only drawback is that this
second account is capable of being locked out.

Thanks

 

[Guest]

ALso keep in mind that we want the rest of our local accounts to lockout
according to the lockout policy. So changing the lockout policy to prevent
lockouts is out of the question

 

[Lanwench [MVP - Exchange]]

In

Hello Microsoft,

Is there a way to create and configure a local account on windows XP
or Server 2003 to never lockout?

We want to disable the local built-in admin account, and create
another account with administrtative rights, however the only
drawback is that this second account is capable of being locked out.

Thanks

Well, I don't think you can disable the built-in admin account (at least,
not a domain admin account). I'd probably just set up a very very (very)
complicated password on it.

I also don't like account lockout - I don't use it anymore, after a wise MS
security dude explained how it's a really easy way to invite a sort of DOS
attack. If you must use it, set it for something high - like 50. And, don't
lose the password for your new admin-equivalent account.

 

[Steven L Umbach]

I agree with Lanwench in that you can not exempt a user account to lockout.
Keep in mind however that the built in administrator account can be logged
onto in Safe Mode even when it is disabled though of course you usually need
physical access to the computer to logon in Safe Mode. A lockout threshold
of fifty with a lockout duration of ten minutes will be plenty to deter
brute force attacks unless you are allowing weak password in your domain.

Steve